CLAIMS

What is claimed is:

1. A method of providing remote cryptographic services, the method comprising:

a client requesting a cryptographic service;

establishing a secure connection between the client and a biometric certification server (BCS);

receiving biometric data from a user;

the BCS performing the cryptographic service if the user is authenticated based on the biometric authentication; and

the BCS returning the data to the client.





2. The method of claim 1, wherein the cryptographic service is authenticating the user to an other server.

3. The method of claim 2, further comprising the BCS:

generating a temporary public key/private key pair for the user;

certifying the public key; and

forwarding the certificate to the other server.



4. The method of claim 3, further comprising:

the client receiving data from the other server for signing with the user's private key;

forwarding the data to the BCS; and

the BCS signing the data with the user's temporary private key.



5. The method of claim 4, further comprising:

the client generating a session key for use with the other server, and encrypting the session key with a public key of the other server; and

the client closing the secure connection between the client and the BCS once the session is established between the client and the other server.

6. The method of claim 2, further comprising:

detecting an access to a certification database of the client by an other server;

inserting a temporary certification from the BCS into the certification database of the client; and

generating a true certificate if the other server chooses the temporary certification.

7. The method of claim 1, wherein the cryptographic service is signing or encrypting data.

8. The method of claim 7, further comprising the BCS:

retrieving a private key/public key pair for the user; and

performing the cryptographic service with the private or the public key.

9. The method of claim 1, wherein the client requesting a cryptographic service comprises one of the following: detecting an access to a certificate database of the client, or detecting the user attempting to perform a cryptographic activity.



10. A method of providing a certificate from a client to a server, the method comprising:

receiving a request for a certificate from the server;

forwarding the request to a biometric certification server (BCS);

receiving a biometric identification from the client and forwarding the biometric identification to the BCS;

if the biometric identification matches a registered user on the BCS, receiving a certificate including a public key of the client certified by the BCS; and

forwarding the certificate to the server, thereby identifying the client to the server.



11. The method of claim 10, further comprising:

detecting an access to a certification database by the server;

inserting a temporary certification from the BCS into the certification database; and

generating a true certificate if the server chooses the temporary certification.



12. The method of claim 10, further comprising:

the BCS generating a disposable public/private key pair in response to the request; and

the BCS certifying the disposable public key of the user.

13. An apparatus for performing remote cryptographic functions comprising:

a crypto-proxy interface for receiving a request for a cryptographic function from a client on a secure connection;

an authentication engine for authenticating the user based on biometric data;

a cryptographic engine for performing the cryptographic functions; and

the crypto-proxy interface for returning data to the client, after the cryptographic functions are performed.



14. The apparatus of claim 13, further comprising:

a database including user credentials;

the authentication engine retrieving a user biometric template from the database and comparing the biometric template to the biometric data received from the user.

15. The apparatus of claim 13, further comprising:

a dynamic key generation engine for generating a temporary public key/private key pair, the key pair used for establishing a session between the client and an other server.

16. The apparatus of claim 15, further comprising the cryptographic engine generating a certificate including the temporary public key, certified by the crypto-server's private key.

17. The apparatus of claim 15, the dynamic key generation engine destroying the temporary key pair after the session between the client and the other server is successfully established.

18. The apparatus of claim 13, further comprising:

a user self-registration interface permitting a user to choose a handle and register a biometric template.

19. The apparatus of claim 18, further comprising:

a registration engine for receiving biometric data from the user during a registration process, and further for extracting the biometric template for the user; and

a user credential database for storing the handle and the biometric template of the user.

20. The apparatus of claim 17, further comprising:

the registration engine further for generating a persistent private key/public key pair; and

a database for storing the persistent private key/public key pair.

21. The apparatus of claim 13, further comprising:

a database for storing a persistent private key/public key pair; and

the cryptographic engine for using the persistent private key or public key when appropriate to perform the cryptographic functions.
22. An apparatus for permitting remote cryptographic functions comprising:

a crypto-API (application program interface) for receiving cryptographic function requests;

a cryptographic service provider for establishing a secure connection to a remote crypto-server, and having the crypto-server perform the cryptographic function; and

a sensor for receiving biometric data from a user, the biometric data sent to the crypto-server to authenticate the user.

23. An apparatus comprising:

a client comprising:

a crypto-API (application program interface) for receiving cryptographic function requests;

a cryptographic service provider for establishing a secure connection to a remote crypto-server, and having the crypto-server perform the cryptographic function; and

a sensor for receiving biometric data from a user, the biometric data sent to the crypto-server to authenticate the user;

the remote crypto-server comprising:

a crypto-proxy interface for receiving a request for the cryptographic function from the client on the secure connection;

an authentication engine for authenticating the user based on the biometric data;

a cryptographic engine for performing the cryptographic functions; and

the crypto-proxy interface for returning data to the client, after the cryptographic functions are performed.
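The authentication flow of method claims 1 to 5 (with the disposable key pair of claims 12 and 17 and the template comparison of claim 14), played out between the client, the BCS and the other server, as an added example that is not part of the patent and not the applicant's code. Everything the claims leave open is an assumption here: Ed25519 for both the crypto-server's key and the temporary key, an exact-match SHA-256 stand-in for biometric template extraction, a handle-plus-public-key certificate layout, a random challenge as the "data from the other server for signing", and the secure client-to-BCS connection taken as already established. The enrolment samples are constructed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
)

// extractTemplate is a constructed placeholder for a feature extractor: SHA-256 of the raw
// sample, so matching is exact equality; a real BCS needs a fuzzy matcher here.
func extractTemplate(sample []byte) [32]byte { return sha256.Sum256(sample) }

// Certificate is the "temporary certification" of claims 3 and 12 in an assumed layout:
// the user's handle and disposable public key, signed by the BCS key.
type Certificate struct {
	Handle    string
	PublicKey ed25519.PublicKey
	Signature []byte
}

func certPayload(h string, pub ed25519.PublicKey) []byte { return append([]byte(h+"\x00"), pub...) }

// BCS models the biometric certification server (the secure client-to-BCS connection of claim 1 is assumed, not modelled).
type BCS struct {
	priv      ed25519.PrivateKey            // crypto-server's private key (claim 16)
	Pub       ed25519.PublicKey             // handed to relying servers out of band
	templates map[string][32]byte           // user credential database (claims 14, 19)
	tempKeys  map[string]ed25519.PrivateKey // disposable key pairs (claims 3, 12, 17)
}

func NewBCS() *BCS {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // rand.Reader does not fail on supported platforms
	return &BCS{priv: priv, Pub: pub, templates: map[string][32]byte{}, tempKeys: map[string]ed25519.PrivateKey{}}
}

// Register stores a handle and its template (claims 18 and 19).
func (b *BCS) Register(handle string, sample []byte) { b.templates[handle] = extractTemplate(sample) }

// Certify is claim 3: authenticate the sample against the enrolled template (claim 14),
// generate a temporary key pair, and certify its public key.
func (b *BCS) Certify(handle string, sample []byte) (*Certificate, error) {
	tpl, ok := b.templates[handle]
	got := extractTemplate(sample)
	if !ok || subtle.ConstantTimeCompare(tpl[:], got[:]) != 1 {
		return nil, errors.New("biometric authentication failed")
	}
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	b.tempKeys[handle] = priv
	return &Certificate{Handle: handle, PublicKey: pub, Signature: ed25519.Sign(b.priv, certPayload(handle, pub))}, nil
}

// Sign is claim 4: sign data forwarded by the client with the user's temporary private key.
func (b *BCS) Sign(handle string, data []byte) ([]byte, error) {
	priv, ok := b.tempKeys[handle]
	if !ok {
		return nil, errors.New("no temporary key for this user")
	}
	return ed25519.Sign(priv, data), nil
}

// DestroyTempKey is claim 17: discard the disposable key pair once the session is up.
func (b *BCS) DestroyTempKey(handle string) { delete(b.tempKeys, handle) }

// OtherServer is the relying server of claim 2; it trusts only the BCS public key.
type OtherServer struct{ BCSPub ed25519.PublicKey }

func (s OtherServer) VerifyCert(c *Certificate) bool {
	return ed25519.Verify(s.BCSPub, certPayload(c.Handle, c.PublicKey), c.Signature)
}

// RunAuthFlow plays the client of claims 1 to 5: certificate from the BCS, certificate to the other server, challenge relayed to the BCS for signing, disposable key dropped.
func RunAuthFlow(bcs *BCS, other OtherServer, handle string, sample []byte) (bool, error) {
	cert, err := bcs.Certify(handle, sample)
	if err != nil {
		return false, err
	}
	if !other.VerifyCert(cert) {
		return false, errors.New("other server rejected the certificate")
	}
	challenge := make([]byte, 32) // the "data from the other server for signing" of claim 4
	rand.Read(challenge)
	sig, err := bcs.Sign(handle, challenge)
	if err != nil {
		return false, err
	}
	accepted := ed25519.Verify(cert.PublicKey, challenge, sig) // the other server checks the response
	bcs.DestroyTempKey(handle)
	return accepted, nil
}

func main() {
	bcs := NewBCS()
	bcs.Register("alice", []byte("constructed sample A")) // constructed enrolment sample
	ok, err := RunAuthFlow(bcs, OtherServer{BCSPub: bcs.Pub}, "alice", []byte("constructed sample A"))
	fmt.Println("genuine sample accepted:", ok, "err:", err)
}
```

The point worth noticing is where the trust boundaries fall: the other server never sees biometric data and never holds a long-lived key for the user; it verifies only a BCS-issued certificate over a key that exists for one session, and once the session is up the BCS deletes that key, so a later `Sign` call for the same handle fails until the user authenticates again.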